Microsoft’s biannual Security Intelligence Report (SIR) was released on Wednesday. It is not surprising that Microsoft found that malicious applications and software had tripled since its last report. The report, which is available here (in PDF format), points out that during the quarter ending December 2013, an average of 17 out of every 1,000 computers running Windows were infected with some kind of malware. In the earlier report covering the previous quarter, i.e. July to September, 2014, 5.8 computers per 1,000 were infected with some kind of malware. The current report thus records a threefold increase over the previous quarter.
The finding comes from the latest biannual security study by Microsoft’s Trustworthy Computing division, which examines security issues encountered by more than 800 million computers running Windows that use its security tools. Commenting on the rise, Tim Rains, Director of Microsoft’s Trustworthy Computing division, attributed it to a malware family called “Rotbrow”. Interestingly, this malware had been classified as harmless by security companies for some time. “Rotbrow” masquerades as a browser add-on called “Browser Protector” and is supposedly a security product, so it was often classified as safe by different security companies. According to the SIR, “Rotbrow” has risen more than any other malware, being found on about 59 of every 1,000 computers running Windows.

Security companies have now classified “Rotbrow” as malware, specifically a “dropper”. A dropper is software capable of downloading other software onto a computer, thereby exposing it to further malware. Long considered harmless, “Rotbrow” aroused suspicion when it started downloading malicious browser extensions. The ever vigilant security division of Microsoft noticed the change and alerted other security companies, who then started blocking it. The security companies found that Rotbrow often distributes Sefnit, a type of malicious botnet code, which can subsequently download other harmful programs onto a computer, such as those involved in click fraud. Sefnit has also been linked to “ransomware”, malware that encrypts a person’s files and demands payment.
This particular technique of hiding behind the veil of a security product has been used by many fake antivirus programs. But thanks to its ‘safe’ classification, Rotbrow managed to get itself installed on a huge number of computers and made it to the top of Microsoft’s SIR report.
“I would characterize it as a low and slow attack,” Rains said. “They were patient and waited a long time before they started to distribute malicious stuff. I think they gained a lot of people’s trust over time.”